Karmabunny / sprout3

SproutCMS: content management and framework
http://getsproutcms.com
GNU General Public License v2.0

Session cookie fixes #46

Closed TheJosh closed 4 years ago

TheJosh commented 4 years ago

Fix-ups so that the cookie.path, cookie.domain, and cookie.secure flags are properly respected for the session cookies.

Security improvement by sending the httponly flag for session cookies, which means the cookies are only provided over HTTP requests but cannot be read by JavaScript code.

Don't re-send the cookie in every request; the PHP session handler does this automatically (note: not tested with alternate session handlers).
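
A sketch of the approach this pull request describes, as an added example that is not SproutCMS code and not part of the original comment. The `$config` array, the function name `configure_session_cookie` and the session name are assumptions; only the `cookie.path`, `cookie.domain` and `cookie.secure` key names come from the description.

```php
<?php
// Hypothetical stand-in for the application's cookie settings (constructed values).
$config = [
    'cookie.path'   => '/',
    'cookie.domain' => 'example.com',
    'cookie.secure' => true,
];

/**
 * Apply the configured attributes to PHP's native session cookie.
 * Must run before session_start(); params set afterwards do not affect
 * the cookie that has already been queued for this response.
 */
function configure_session_cookie(array $config, string $name = 'app_session'): array
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('Session already started; cookie params would not apply');
    }

    session_name($name);
    session_set_cookie_params(
        0,                                          // lifetime 0: dropped when the browser closes
        $config['cookie.path'] ?? '/',
        $config['cookie.domain'] ?? '',
        (bool) ($config['cookie.secure'] ?? false), // only sent over HTTPS when true
        true                                        // httponly: not exposed to document.cookie
    );

    return session_get_cookie_params();
}

$params = configure_session_cookie($config);

// PHP's default session handler emits the Set-Cookie header itself with the
// attributes above, so there is no manual setcookie(session_name(), ...) call.
session_start();

printf(
    "path=%s domain=%s secure=%s httponly=%s\n",
    $params['path'],
    $params['domain'],
    var_export($params['secure'], true),
    var_export($params['httponly'], true)
);
```

To confirm the result in a deployed application, inspect the `Set-Cookie` response header for the session cookie and check that it appears once with the expected `path`, `domain`, `secure` and `HttpOnly` attributes.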